Deviant Login Shop  Join deviantART for FREE Take the Tour
×

:iconmlpfriendshipismagic: More from MLPFriendshipIsMagic


More from deviantART



Details

Submitted on
February 20, 2013
Link
Thumb

Stats

Views
4,777 (3 today)
Favourites
34 (who?)
Comments
48
×

Regarding Group Security and "Hackers"

Journal Entry: Wed Feb 20, 2013, 8:45 PM



Hello Everypony,

This post is largely directed towards anyone who moderates or runs a MLP-related group on DeviantArt, but the information contained can be relevant to everyone.

Over the past few hours, there's been a note circulating around to various MLP groups, claiming that there is a small group of "hackers" (which is not the correct word) attacking MLP groups, taking them over, and vandalizing them. To counter this, the note is suggesting that groups should block all join requests, disable auto-accept, and then forward the note to every other group you know of.

Really, that's horrible advice, don't do that.

It is true that during the past few days, a couple of pony groups have been attacked by malicious users. However, there is no elaborate hack or security flaw that's allowing this to happen. Instead, the groups that were attacked simply had an incorrectly configured, yet easily fixable, setting in their group's permissions which allowed such attacks.

Most groups already are not affected by this issue. However, there are a few where the settings are less than secure. To check to see if your group is at risk, go into your "Admin Area", click on "Manage Members", and click on your "Co-Founder" role. Next, look for the "Join Requests" option, and make sure that it is set to "Not Allowed". If that option is not set to "Not Allowed", change it so that it is - this will prevent people from joining your group as a Co-Founder. Repeat this for the "Moderator" and "Contributor" roles, and this will prevent anyone from joining your group as anything but a regular member.

There is no need to disable join requests, or require moderator approval for new members to join your group - that just prevents your group from growing. I should also point out that the group who started circulating this note, suggesting that other groups disable join requests, has not done so themselves. Regular members cannot cause any damage to your group beyond spamming it (which can be dealt with easily enough), so there's no sense in preventing people from being able to become members.

A few more words of advice:

1) Always use a strong password, including a mixture of upper and lower case letters, numbers, and symbols. The longer and more random a password is, the more secure it is.

2) Do not use the same password on multiple sites. Instead, try coming up with a new password for each website you use. If you have difficulty remembering these passwords, look into using an encrypted password manager such as KeePass.

3) Do not ever download files from people you do not know, especially if they end in .zip, .rar, .7z, .gz, .exe, or .msi. Really, you shouldn't download _ANYTHING_ from someone you don't know, no matter what, but that holds doubly true for files ending in those extensions.

4) If you run a group on DA, do not let just anyone who asks become a moderator/co-founder/contributor of the group. Look into them a bit - how long have they been on DA? Do they mod any other groups? Do they interact with the community alot? Do any of your other mods/co-founders know them? If anything seems fishy or suspicious about them, or if you can't confirm that they'd be a good moderator, don't let them be one.

5) Finally, we ask that you please do not send mass-notes or mass-comments to every group you're a member of linking back to this journal, or copy/pasting its text. While it is a noble intention to want to warn the other groups, sending out mass notes/comments could be considered spamming, and may do more harm than good.

We hope that this journal entry was informative, helps you secure both your account and your group, and helps clear up any misconceptions and false information that have been floating around. While this situation is indeed a cause for concern, it has been blown a bit of proportion. Simply make sure that your groups are secure and you're using a strong password, and you'll have little to worry about.

~Fifth Element, Founder

Add a Comment:
 
:iconzilvart:
zilvart Featured By Owner Feb 24, 2013  Hobbyist Digital Artist
ye but if no ones isn't avaible to join the group wont grow hower i do see,it's a proble with that!
Reply
:iconfor-the-plot:
For-The-Plot Featured By Owner Feb 23, 2013  Professional General Artist
hacker is mostly just a band aid for 'i've been had and don't want to admit i was directly responsible.'
Reply
:iconorcha3000:
Orcha3000 Featured By Owner Feb 22, 2013  Student Digital Artist
thank you. :)
Reply
:iconvabla:
Vabla Featured By Owner Feb 22, 2013  Hobbyist
This is (or at least should be) common sense. I'm kind of surprised people would miss something like that.
And I cringe every time I see the word "hacker" tossed around whenever someone does something they shouldn't be able to. Soon it'll be "terrorist".
Reply
:iconkittykatengle:
KittyKatEngle Featured By Owner Feb 21, 2013
Thank you for the warning!!
Reply
:iconjeurobrony:
jeurobrony Featured By Owner Feb 21, 2013
If I can add something:
Use Firefox. And definitely not Chrome. (Opera and Lynx are also OK).
Don't open any files from unknown sources. Especially on Windows.
If possible, install Linux or at least use Live CD.
Get a VPN or browse through Tor/i2p. Using public proxy is not recommended.
Get NoScript, Do Not Track Me, HTTPS Everywhere add-ons for Firefox.
Report, report, report. Share information about malicious links.
Always double check the URL (location bar/place where you enter address) of the login page. If even one letter is not on place (e. g. devAIntart.com instead of devIAntart.com), leave the page immediately.
Perform antivirus scan a few times a month. (You can also try netstat check. Secure link: [link] )
Now, the security has been doubled.
P.S. These guys are script kiddies. They can only share keyloggers/viruses.
Reply
:iconmystic-lightscx:
Mystic-LightsCx Featured By Owner Feb 24, 2013  Hobbyist Digital Artist
I've got Bitdefender, Firefox, and Linux x3 Plus, I ALWAYS check the URL of a page, I never click on links like bit.ly, tinyurl.com, or anything that looks suspicious. I think I'm quite safe xD
Reply
:iconthedpfangurl:
TheDPFangurl Featured By Owner Feb 21, 2013
I don't know... It just feels like a lot of people are getting hacked personally lately...
Reply
:iconzeropegasi:
ZeroPegasi Featured By Owner Feb 21, 2013  Hobbyist General Artist
noted, stored and archived
thanks for the heads up
Reply
:iconenma-darei:
Enma-Darei Featured By Owner Feb 21, 2013  Hobbyist Digital Artist
using a strong password is the best suggestion, seriously, it's not that hard to come up with a strong password.
Reply
Add a Comment: